Who ARE We?
Founded by Andrew Shea in 2022, we laser focus on applying the FAIR Institute’s model of Cyber Risk Quantification to our customers’ needs. We believe that by being able to quantify risk, it’s possible to make life better for security leadership and the businesses they support by providing a means to engage with business leaders in their language and SOLVE problems.
Our partnership-based approach works to tailor the output to the needs of your audiences whether that is a “simple” CRQ analysis or a broader program-building engagement. Find our full list of available services here.
We promise you’ll walk away from our meetings feeling lighter, empowered and confident though, we haven’t yet figured out how to quantify that one.
We also recognize that to be effective in Cyber Risk Management deep domain expertise is required across many domains and disciplines. To fill those areas of expertise we have La Mia Famiglia. Our family members are leaders in their domain and available at a moments’ need. While we’re built around the mind or Andrew, an engagement with us spans the community.
CRFQ brings decades of enterprise cyber security and risk management experience to the fore with the express purpose of helping you and your team build a 21st century cyber security and risk management capability.
This is The (CRFQ) Way
Our core mentality and methodology.
Our primary goal is to mold (and empower) modern CISOs with ACTUAL, meaningful data.
It all begins with the belief that today’s CISO needs to embrace being a risk-centric executive with a holistic view of their business.
This CISO deeply understands what other line-of-business leaders need to be successful and is instrumental in driving the attainment of those objectives. This CISO pro-actively measures the risk, impact, and likelihood of measures required to reach these business objectives and provides specific risk treatment options and their ROI so the business leader can make an informed business decision.
A CRFQ CISO always has optimized output from Cyber Risk Quantification Analysis at their fingertips so that content is frictionless to their consumer. For example, financial impact is provided to a CFO in an income statement format. Enterprise risk analysis results are provided within an organizations’ ERM framework.
Accuracy matters and we work tirelessly to make sure CRFQ CISOs are armed with information on relevant threat actors for any scope of risk scenario. Regardless of whether those actors are external and internal, a CRFQ CISO will have full visibility to their MITRE ATTACK TTP so adversarial simulation can be executed.
Successful CRQ programs require operationalization. Our team-based operationalization program results in a program that will stand the test of time with or without our continued involvement.
You can learn more our full slate of service offerings here.